Welcome to This Week’s [in]Security. We’ve collected and grouped together a selection of this week’s news and opinion links on security and privacy related topics. We hope you enjoy and find them useful.

PCI Compliance and Payments

• New PCI Approved Scanning Vendor (ASV) Program Guide in effect https://www.pcisecuritystandards.org/documents/ASVProgramGuide_v3.0.pdf
• Minor updates to PCI ecommerce guidance clarified https://www.pcisecuritystandards.org/pdfs/bestpracticessecuring_ecommerce.pdf
• Minor updates to PCI DSS Scoping Guidance https://www.pcisecuritystandards.org/documents/Guidance-PCI-DSS-Scoping-and-Segmentationv11.pdf
• Updates to PCI QIR training announced https://blog.pcisecuritystandards.org/council-adds-training-to-bolster-secure-payment-application-installation

Breaches

• OneLogin breach and possible compromise of encrypted data https://www.theregister.co.uk/2017/06/01/onelogin_breached/ and https://krebsonsecurity.com/2017/06/onelogin-breach-exposed-ability-to-decrypt-data/
• Classified US data found on unsecured AWS cloud https://www.theregister.co.uk/2017/06/01/usnationalgeospatialintelligenceagency_leak/
• Edmodo 43M credentials https://haveibeenpwned.com/PwnedWebsites#Edmodo

Lawful Access / Back-doors / Regulations

• Kmart's 2nd payments breach https://krebsonsecurity.com/2017/05/credit-card-breach-at-kmart-stores-again/
• UK could co-opt security research https://www.theregister.co.uk/2017/05/31/surveillancelawcompulsion/
• Patent nonsense, yes you can refill printer cartridges https://www.eff.org/deeplinks/2017/05/supreme-court-victory-right-tinker-printer-cartridge-case
• More patent nonsense, API's https://www.eff.org/deeplinks/2017/05/eff-asks-federal-circuit-fix-its-terrible-api-copyright-decision
• China legislates data residency https://www.theregister.co.uk/2017/06/01/chinacybersecuritylaw/
• US Social media vetting goes live https://www.theregister.co.uk/2017/06/01/socialmediavettingforvisas/

Bugs

• Discussion of the US Vulnerabilities Equities Process (VEP) https://www.schneier.com/blog/archives/2017/06/wannacryandvu.html
• Analysis of the EternalBlue vulnerability that powered Wannacry[pt] http://blog.trendmicro.com/trendlabs-security-intelligence/ms17-010-eternalblue/

Privacy

• FBI using Geek Squad informants https://www.eff.org/deeplinks/2017/02/FBI-tries-to-bypass-Fourth-Amendment-Safeguards-by-using-Geek-Squad

Hacking / Malware

• Disney says Pirates hack was a hoax https://www.theregister.co.uk/2017/05/26/pirateshackhoax/

Other Security / Risk

• Bank of Canada doesn't see a role for BlockChain (yet) http://www.pymnts.com/news/b2b-payments/2017/bank-canada-interbank-payment-system-blockchain/
• Quantum resistant RSA crypto https://www.schneier.com/blog/archives/2017/05/post-quantum_rs.html
• Hacking trucks for profit https://www.theregister.co.uk/2017/05/31/bikershackjeepsinautotheftspree/
• New issue of Feisty Duck's Bulletproof TLS Newsletter https://www.feistyduck.com/bulletproof-tls-newsletter/issue28letsencryptdowntime.html
• Despite encryption you can tell a huge amount about what your IoT is doing through traffic analysis https://www.theregister.co.uk/2017/05/29/internetofsnitchesanyonewhocangetyourtrafficknowswhatyouredoing/
• Analysis/opinion on who the Shadow Brokers may be https://www.schneier.com/blog/archives/2017/05/whoarethe_sha.html
• After Intel AMT http://www.csoonline.com/article/3198647/security/6-reasons-why-chip-hacks-will-become-more-popular-in-the-future.html
• On the risks of password managers https://www.darkreading.com/attacks-breaches/onelogin-breach-reignites-concerns-over-password-managers/d/d-id/1329034

Off-Topic

• With two 747 hulls and 6 engines the ROC StratoLauncher is the world's largest aircraft https://www.universetoday.com/135828/monster-stratolaunch-aircraft-rolled-getting-closer-first-flights/
• Astronomy Cast (podcast) on Inflatable Space Habitats https://www.universetoday.com/135811/astronomy-cast-ep-450-inflatable-habitats/